安全决策报告
instreet-gomoku
Skill contains hardcoded API credentials and undeclared shell/network access with shadow functionality not reflected in documentation.
最直接的威胁证据
高危 凭证窃取
Hardcoded API credential in source code API key 'sk_inst_adfe55c5fe69ca780201cb466bebbbce' is hardcoded as a plaintext string in instreet_gomoku.py:12 and gomoku_bot.py:14. This exposes a live credential in source code, making it trivially extractable and vulnerable to revocation/reuse.
instreet_gomoku.py:12 为什么得出这个结论
3/4 个维度触发 阻止
声明与实际能力
发现 2 项声明之外的能力或越权行为。
阻止
隐藏执行与外联
提取到 1 个高危 IOC 或外联信号。
阻止
攻击链与高危发现
报告包含 0 步攻击链,另有 1 项高危或严重发现。
复核
依赖与供应链卫生
发现 1 项需要关注的依赖或供应链线索。
风险分是怎么被拉高的
Hardcoded API credential +15
API key 'sk_inst_adfe55c5fe69ca780201cb466bebbbce' hardcoded in instreet_gomoku.py:12 and gomoku_bot.py:14 without secure storage
Undeclared shell execution +12
katagomo_simple.py:87 executes subprocess.Popen with external engine binary, not declared in SKILL.md
Undeclared network access +10
Makes outbound HTTPS requests to instreet.coze.site API but SKILL.md declares no network permissions
Hardcoded Windows path +5
KATAGOMO_DIR hardcoded to D:\Games\KataGomo in katagomo_simple.py:15
最关键的证据
高危 凭证窃取
Hardcoded API credential in source code
API key 'sk_inst_adfe55c5fe69ca780201cb466bebbbce' is hardcoded as a plaintext string in instreet_gomoku.py:12 and gomoku_bot.py:14. This exposes a live credential in source code, making it trivially extractable and vulnerable to revocation/reuse.
instreet_gomoku.py:12 Use os.environ.get('INSTREET_API_KEY') exclusively; remove all hardcoded fallback keys. Never commit credentials to version control.
中危 文档欺骗
Undeclared subprocess shell execution
katagomo_simple.py:87-92 uses subprocess.Popen to execute the KataGomo game engine binary (gom15x_trt.exe) with GTP protocol commands. This shell execution is not mentioned anywhere in SKILL.md, which only describes KataGomo as a 'GTP bridge' without revealing the subprocess dependency.
katagomo_simple.py:87 Declare subprocess usage in SKILL.md capabilities section. Note that this requires a local KataGomo engine installation.
中危 文档欺骗
Undeclared outbound network requests
SKILL.md declares no network permissions, yet both instreet_gomoku.py and gomoku_bot.py make HTTPS requests to instreet.coze.site/api/v1/games/* endpoints for room creation, move submission, and activity polling. This is shadow network behavior.
gomoku_bot.py:32 Declare network:READ and network:WRITE permissions in SKILL.md with the specific domain allowlisted.
中危 供应链
Hardcoded Windows-specific engine path
katagomo_simple.py:15 hardcodes KATAGOMO_DIR to 'D:\Games\KataGomo', a Windows-specific absolute path. The skill will fail on Linux/macOS with a confusing path error, and the dependency on an external binary is not documented.
katagomo_simple.py:15 Make the engine path configurable via environment variable (KATAGOMO_DIR). Document the external dependency clearly in SKILL.md.
低危 敏感访问
API key exposed in SKILL.md notes section
SKILL.md:112 mentions the API key in plaintext within the documentation notes: 'API Key: 已配置在代码中 sk_inst_adfe55c5fe69ca780201cb466bebbbce'. While not a code-level hardcode, exposing the key in docs increases exposure risk.
SKILL.md:112 Remove the API key value from documentation entirely. Reference only that the key should be set via INSTREET_API_KEY environment variable.
声明能力 vs 实际能力
文件系统 通过
声明 NONE
→ 推断 NONE
No file write operations found; temp file ops are in subprocess working dir only 网络访问 阻止
声明 NONE
→ 推断 READ
instreet_gomoku.py:13-14, gomoku_bot.py:32-33 make urllib requests to instreet.coze.site without declaration 命令执行 阻止
声明 NONE
→ 推断 WRITE
katagomo_simple.py:87 subprocess.Popen executes external binary; gomoku_bot.py has no shell but katagomo does 环境变量 通过
声明 NONE
→ 推断 READ
gomoku_bot.py:13 reads INSTREET_API_KEY from os.environ (falls back to hardcoded key) 技能调用 通过
声明 NONE
→ 推断 NONE
No skill_invoke usage 剪贴板 通过
声明 NONE
→ 推断 NONE
No clipboard access 浏览器 通过
声明 NONE
→ 推断 NONE
No browser usage 数据库 通过
声明 NONE
→ 推断 NONE
No database access 可疑产物与外联
高危 API 密钥
API_KEY = 'sk_inst_adfe55c5fe69ca780201cb466bebbbce' instreet_gomoku.py:12
中危 外部 URL
https://instreet.coze.site/api/v1/games gomoku_bot.py:32
中危 外部 URL
https://instreet.coze.site/games/ gomoku_bot.py:359
依赖与供应链
| 包名 | 版本 | 来源 | 漏洞 | 备注 |
|---|---|---|---|---|
| numpy | unpinned | import | 否 | No requirements.txt; numpy imported but version not pinned |
| subprocess | stdlib | stdlib | 否 | Standard library used to execute KataGomo engine |
| urllib | stdlib | stdlib | 否 | Standard library used for HTTP API calls |
| KataGomo gom15x_trt.exe | unknown | external binary | 否 | External Windows binary referenced by hardcoded path; not included in package |
文件构成
6 个文件 · 1744 行
Python 3 个文件 · 1523 行Markdown 3 个文件 · 221 行
需关注文件 · 4
instreet_gomoku.py Hardcoded API credential in source code · API_KEY = 'sk_inst_adfe55c5fe69ca780201cb466bebbbce'
gomoku_bot.py Undeclared outbound network requests · https://instreet.coze.site/api/v1/games · https://instreet.coze.site/games/
katagomo_simple.py Undeclared subprocess shell execution · Hardcoded Windows-specific engine path
SKILL.md API key exposed in SKILL.md notes section
其他文件 · README.md · publish-info.md
安全亮点
No obfuscation detected (no base64, eval, or anti-analysis techniques)
No credential exfiltration or data theft behavior observed
Network requests target a legitimate game API (instreet.coze.site) and are functionally necessary
No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
No persistence mechanisms (no cron, startup hooks, or backdoors)
Subprocess usage is for a legitimate game engine (KataGomo GTP), not malicious command execution